How to only use the remote introspection

chanxl009 · August 25, 2020, 7:55am

Hi Team,

I’m trying to just use the remote introspection for OKTA.
I created a SPA application with PKCE. It only has the client id but no client secret.
When I configured the remote introspection inforamtion in the external authorization server, I don’t know which client secret should be input. If I leave it blank, the page doesn’t le me save.
So I just input another okta web app’s client secret.

but I alway got the error message as below:
“UnAuthorized application request”

If I remove the remote introspection information and input the local introspection information, I can get the correct result, no error “UnAuthorized application request”.

Any idea how to configure the correct remote introspection for okta SPA with PKCE?

Thanks & Regards,
Jason

rmg · August 25, 2020, 8:12pm

Hi Jason,

Please take a look on this thread/article and it should help further with OKTA specific topic also:

http://techcommunity.softwareag.com/pwiki/-/wiki/Main/Securing%20APIs%20using%203rd%20party%20OAuth%202%20provider%20in%20API%20Gateway

HTH,
RMG

Topic		Replies	Views
doubt about "Securing APIs using 3rd party OAuth 2 provider in API Gateway" webMethods , API-Management , API-Gateway	5	1526	April 2, 2021
About only use remote introspection of okta webMethods	1	405	April 2, 2021
Adding IDCS as external authorization server for webMethods API Gateway webMethods , Integration-Server-and-ESB , webMethods-io-Integration , API-Management , API-Gateway	5	1747	May 6, 2022
How to configure OAuth 2 in microgateway introspection webMethods , API-Management , API-Gateway , Microgateway	2	665	November 2, 2023
Securing APIs using 3rd party OAuth 2 provider in API Gateway Knowledge base webMethods , API-Management , API-Gateway	2	5211	February 12, 2024

How to only use the remote introspection

Related topics